mirror of https://git.sr.ht/~oppen/ariane
notes
This commit is contained in:
parent
d7916ee47f
commit
9df4233ff7
|
@ -30,7 +30,7 @@ From the spec:
|
|||
* Long-lived client certificates can reliably identify a user to a multi-user application without the need for passwords which may be brute-forced. Even a stolen database table mapping certificate hashes to user identities is not a security risk, as rainbow tables for certificates are not feasible.
|
||||
* Self-hosted, single-user applications can be easily and reliably secured in a manner familiar from OpenSSH: the user generates a self-signed certificate and adds its hash to a server-side list of permitted certificates, analogous to the .authorized_keys file for SSH).
|
||||
|
||||
This suggests it'd be useful for a client to offer both a long-lived 'identity' cert, and short-lived anonymous certs to offer a (real) incognito mode - a session cert.
|
||||
This suggests it'd be useful for a client to offer both a long-lived 'identity' cert, and short-lived anonymous certs to offer a (real) incognito mode - a session cert. In fact, looking at [Kristall](https://kristall.random-projects.net/) a client should offer full cert management, including import and export.
|
||||
|
||||
A key sentence in the spec:
|
||||
|
||||
|
|
Loading…
Reference in New Issue